OTPAuthenticator.wsf

Status: finished
Submission Time: 2024-09-16 11:05:09 +02:00
Malicious
Trojan
Spyware
Exploiter
Evader
AsyncRAT

Tags

  • wsf

Details

  • Analysis ID:
    1511762
  • API (Web) ID:
    1511762
  • Analysis Started:
    2024-09-16 11:05:09 +02:00
  • Analysis Finished:
    2024-09-16 11:15:40 +02:00
  • MD5:
    2e87fe3cdb91e6a66be7ba1a3ee15eab
  • SHA1:
    52945722ce7f8489cc98bc9dd482d858fe7e60c6
  • SHA256:
    2c295492de80df3a89ee60ae665b4209455aafe8574e044ff4f4ebe205e5ba15
  • Technologies:

  • Engine:
    Joe Sandbox
  • Detection:
    malicious
  • Score:
    100
  • System:
    Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

  • Third Party Analysis Engines:
    malicious

IPs


Domains


URLs


Dropped files

  • C:\Users\Public\Music\SFYZCOEBMGAPWXV.xml
    XML 1.0 document, ASCII text, with CRLF line terminators
  • C:\Users\Public\Music\TvMusic.music
    ASCII text, with very long lines (65536), with no line terminators
  • C:\Users\Public\Music\TvMusic.vbs
    ASCII text, with CRLF line terminators